diff --git a/aws.tf b/aws.tf
index 5992e4a..cc794cb 100644
--- a/aws.tf
+++ b/aws.tf
@@ -183,7 +183,7 @@ locals {
 data "aws_ami" "console_ami" {
 most_recent = true
- owners = ["730389100204"]
+ owners = var.use_custom_ami ? ["self"] : ["730389100204"]
 filter {
 name = "name"
diff --git a/tpls/automq_byoc_role_policy.json.tpl b/tpls/automq_byoc_role_policy.json.tpl
index 0401ffc..04fc1b9 100644
--- a/tpls/automq_byoc_role_policy.json.tpl
+++ b/tpls/automq_byoc_role_policy.json.tpl
@@ -110,6 +110,25 @@
 "arn:aws:s3:::${automq_data_bucket}/*",
 "arn:aws:s3:::${automq_ops_bucket}/*"
 ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeRouteTables",
+ "fsx:CreateFileSystem",
+ "fsx:DeleteFileSystem",
+ "fsx:CreateStorageVirtualMachine",
+ "fsx:TagResource",
+ "fsx:DescribeStorageVirtualMachines",
+ "fsx:UpdateVolume",
+ "fsx:DescribeFileSystems",
+ "fsx:DeleteStorageVirtualMachine",
+ "fsx:UpdateFileSystem",
+ "fsx:CreateVolume",
+ "fsx:DescribeVolumes",
+ "fsx:DeleteVolume"
+ ],
+ "Resource": "*"
 }
 ]
 }
\ No newline at end of file
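Review bot: In the aws.tf hunk, the `owners = ["self"]` branch combined with `most_recent = true` resolves to whichever image in the deploying account most recently matches the name filter, so any principal allowed to create or register an AMI under that name decides what the console instance boots. Consider letting operators pin an exact image id when they opt into a custom AMI, or at minimum add a comment above the line such as `# custom AMI: the newest image in this account matching the name filter is used; restrict who may create or register images`. The filter block continues outside the hunk, so the name pattern is not visible here, and the declaration of `use_custom_ami` is not part of the shown diff.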
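Review bot: In the role-policy hunk, the new statement grants the mutating FSx actions (`fsx:DeleteFileSystem`, `fsx:DeleteVolume`, `fsx:DeleteStorageVirtualMachine`, `fsx:UpdateFileSystem`, `fsx:UpdateVolume`) on `"Resource": "*"`, so the role can modify or delete every FSx file system in the account, while the resource list just above it is limited to the named buckets. Only the Describe calls need the wildcard; the destructive actions could be restricted to resources that carry the deployment's tag, as sketched below. The tag key and value are placeholders because the page does not show which tags the installer applies. `fsx:TagResource` and the three Create actions are left out of the sketch and would need their own statement with a matching `aws:RequestTag` constraint, otherwise the role could tag an unrelated file system into scope.

```json
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeRouteTables",
        "fsx:DescribeFileSystems",
        "fsx:DescribeStorageVirtualMachines",
        "fsx:DescribeVolumes"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "fsx:DeleteFileSystem",
        "fsx:UpdateFileSystem",
        "fsx:DeleteStorageVirtualMachine",
        "fsx:UpdateVolume",
        "fsx:DeleteVolume"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/<TAG_KEY_PLACEHOLDER>": "<TAG_VALUE_PLACEHOLDER>"
        }
      }
    }
```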